package com.dayuanit.dy14.atm.demo2.dy14atmweb.controller;

import com.dayuanit.dy14.atm.demo2.dy14atmcommon.dto.ResponseDTO;
import com.dayuanit.dy14.atm.demo2.dy14atmcommon.vo.DepositVO;
import com.dayuanit.dy14.atm.demo2.dy14atmservice.service.CardService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

@RestController
@Api(tags = "银行卡操作的相关接口")
public class CardController extends BaseController {

    @Autowired
    private CardService cardService;

    @ApiOperation(value = "开户接口", notes = "用户输入密码，创建银行卡")
    @RequestMapping(value = "/card/openaccount", method = RequestMethod.POST)
    @ApiImplicitParams({
            @ApiImplicitParam(name = "password", value = "银行卡密码", required = true,  paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "confirmPwd", value = "银行卡确认密码", required = true,  paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "token", value = "Token令牌", required = true,  paramType = "query", dataType = "String"),
    })
    public ResponseDTO openaccount(String password, String confirmPwd, String token, HttpSession session, HttpServletRequest request) {
        //session什么时候创建的？
        HttpSession httpSession = request.getSession();//request.getSession(true) 等价的

        httpSession = request.getSession(false);//false，如果当前request木有session，那么不创建。true，有session返回，无，则创建新的session.

        //Get & Post区别
        //1.请求参数  get是在地址后面，post在请求体中
        //2.安全的，如果有敏感信息 就使用post，由于get参数在URL地址中，无法做到加密，所以不安全。
        //3.get请求如意受到xss攻击。
        //4.get请求天生具备幂等性，POST不具备幂等性，所以POST请求要尽量做到幂等性。

        Object sessionToken = session.getAttribute("token");
        if (null == sessionToken) {
            return ResponseDTO.fail("请刷新页面，重新提交");
        }

        if (!sessionToken.equals(token)) {
            return ResponseDTO.fail("非法请求");
        }

        //TODO 开户的工作
        cardService.openaccount(password, confirmPwd, getUserId());
        session.removeAttribute("token");

        return ResponseDTO.success();
    }

    @ApiOperation(value = "取款接口", notes = "选择银行卡，输入密码和取款金额")
    @RequestMapping(value = "/card/draw", method = RequestMethod.POST)
    @ApiImplicitParams({
            @ApiImplicitParam(name = "cardId", value = "银行卡ID", required = true,  paramType = "query", dataType = "int"),
            @ApiImplicitParam(name = "password", value = "银行卡密码", required = true,  paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "amount", value = "取款金额", required = true,  paramType = "query", dataType = "String")
    })
    public ResponseDTO draw(DepositVO depositVO) {
        return ResponseDTO.success();
    }

    @GetMapping(value = "/card/loadMyCard")
    public ResponseDTO loadMyCard() {
        System.out.println( session.getAttribute("testxxx") + "----sessionId=" + session.getId() + "--- sessionClassname=" + session.getClass().getName());
        return ResponseDTO.success(cardService.loadMyCards(getUserId()));
    }

//    @ApiOperation(value = "存钱接口", notes = "选择银行卡，输入密码和存钱金额")
//    @RequestMapping(value = "/card/deposit", method = RequestMethod.POST)
//    public ResponseDTO deposit(@Validated DepositVO depositVO, BindingResult bindingResult) {
//        if (bindingResult.hasErrors()) {
//            return ResponseDTO.fail(bindingResult.getFieldError().getDefaultMessage());
//        }
//        cardService.deposit(depositVO.getCardId(), depositVO.getAmount(), depositVO.getPassword(), getUserId());
//        return ResponseDTO.success();
//    }

    @ApiOperation(value = "存钱接口", notes = "选择银行卡，输入密码和存钱金额")
    @RequestMapping(value = "/card/deposit", method = RequestMethod.POST)
    public ResponseDTO deposit(@Validated DepositVO depositVO) {
        cardService.deposit(depositVO.getCardId(), depositVO.getAmount(), depositVO.getPassword(), getUserId());
        return ResponseDTO.success();
    }
}
